For these posts I’m going to break down a script I used in anger on a customer site. I was helping them with an Office 365 migration from on-premise and one of the tasks they wanted help with was planning the order of the migration for their users.
One of the limitations of the migration is that delegate access didn’t work between on-premise and Office 365; this meant you wanted users with delegate access to mailboxes to be moved with those mailboxes (like a manager with her assistants for example).
They had a large, organically-grown Exchange infrastructure. This was another way of saying they had no idea who had access to who’s mailbox and also who was a manager of whom. Time for a bit of PowerShell to save the day.This is a big script so I’m to put it on it’s own page here. I’ll break down parts of the script in these posts (this one and parts two and three) and try and explain what I did; this may be tricky as first I’ll have to remember what I did. No mean feat, as this was a few years ago.
What I wanted the script to do what to take a source OU and enumerate all the mailboxes those user’s had and list the delegations (other users who had access to their mailboxes). We could then group the mailboxes with their delegates so they all got migrated at the same time.
Additionally, I wanted a way to just list the mailboxes with no delegates, as these could be migrated at any time.
This could take a while to run and so also wanted a way to specify a sub-ou to narrow down the source mailboxes. This would allow me to specify two OU’s to use; one which had all the mailboxes I wanted to check the delegates on and another to check for the delegates in.
This was because the company was an international company and only the EMEA portion was migrating; the other regions were not. This meant we weren’t interested in any delegates outside the EMEA OU’s.
Often, mailbox access was delegated to a group. I needed the membership of the group
Requirements were set, here’s the code;
[cmdletbinding(DefaultParameterSetName="None")] param ( [Parameter( ParameterSetName="OrganizationalUnit", Mandatory=$true, HelpMessage="Please pass a valid organizational unit.") ] [String]$OrganizationalUnit, [Parameter( ParameterSetName="OrganizationalUnit", Mandatory=$true, HelpMessage="Please pass a valid NetBIOS Domain Name.") ] [string]$DomainName="countdown.com", [String]$SubOrganizationalUnit="", [switch]$NonDelegated )
I put the skeleton of code for parameter sets in there. I didn’t use them but I thought I might if I extended the script so I added them from the get-go. The only parts we really needed was the domain name and the source OU so they were marked as mandatory.
I’ll do the first of the two main functions in the next part.